Technology Solutions Provider for the Small Business Supporting the Northern California Bay Area since 1996
Viruses, worms, and Trojan Horses are malicious programs that can cause damage to your computer and information on your computer, slow down the Internet, and use your computer to spread themselves to your friends, family, co-workers, and the rest of the Web. The good news is that with an ounce of prevention and some good common sense you are less likely to fall victim to these threats. Think of it as locking your front door to protect your entire family.
What is a virus?
A virus is a piece of computer code that attaches itself to a program or file so it can spread from computer to computer, infecting as it travels. Viruses can damage your software, your hardware, and your files. Just as human viruses range in severity from Ebola to the 24-hour Flu, computer viruses range from the mildly annoying to the downright destructive.
What is a worm?
A worm, like a virus, is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once you have a worm in your system it can travel alone. A great danger of worms is their ability to replicate in great volume. For example, a worm could send out copies of itself to everyone listed in your e-mail address book, and their computers would then do the same, causing a domino effect of heavy network traffic that would slow down business networks and the Internet as a whole. When new worms are unleashed, they spread very quickly, clogging networks and possibly making you (and everyone else) wait twice as long to view Web pages on the Internet. Because worms don’t need to travel via a “host” program or file, they can also tunnel into your system and allow somebody else to take control of your computer remotely. Recent examples of worms include the Sasser worm and the Blaster worm.
What is a Trojan Horse?
Just as the mythological Trojan Horse appeared to be a gift, but turned out to contain Greek soldiers who overtook the city of Troy, today’s Trojan Horses are computer programs that appear to be useful software, but instead they compromise your security and cause a lot of damage. A recent Trojan Horse came in the form of an e-mail that included attachments claiming to be Microsoft security updates, but turned out to be viruses that attempted to disable antivirus and firewall software. Trojan Horses can also be included in software that you download for free. Never download software from a source that you don’t trust. Always download Microsoft updates and patches from Microsoft Windows Update or Microsoft Office Update.
How do worms and other viruses spread?
Virtually all viruses and many worms cannot spread unless you open or run an infected program. Many of the most dangerous viruses were primarily spread through e-mail attachments—the files that are sent along with an e-mail message. You can usually tell if your e-mail includes an attachment because you’ll see a paperclip icon that represents the attachment and includes its name. Photos, letters written in Microsoft Word, and even Excel spreadsheets are just some of the file types you might receive through e-mail each day. The virus is launched when you open the file attachment (usually by double-clicking the attachment icon).
Tip: Never open anything that is attached to an e-mail unless you were expecting the attachment and you know the exact contents of that file. If you receive an e-mail with an attachment from someone you don’t know you should delete it immediately. Unfortunately, you’re no longer safe opening attachments from people you do know. Viruses and worms have the ability to steal the information out of e-mail programs and send themselves to everyone listed in your address book. So, if you get an e-mail from someone with a message you don’t understand or a file you weren’t expecting, always contact the person and confirm the contents of the attachment before you open it. Other viruses can spread through programs you download from the Internet or from virus-ridden computer disks that you borrow from friends or even buy in a store. These are less common ways to contract a virus. Most people get viruses from opening and running unknown e-mail attachments.
1. Using Frames
Splitting a page into frames is very confusing for users since frames break the fundamental user model of the web page. All of a sudden, you cannot bookmark the current page and return to it (the bookmark points to another version of the frameset), URLs stop working, and printouts become difficult. Even worse, the predictability of user actions goes out the door: who knows what information will appear where when you click on a link?
2. Gratuitous Use of Bleeding-Edge Technology
Don’t try to attract users to your site by bragging about use of the latest web technology. You may attract a few nerds, but mainstream users will care more about useful content and your ability to offer good customer service. Using the latest and greatest before it is even out of beta is a sure way to discourage users: if their system crashes while visiting your site, you can bet that many of them will not be back. Unless you are in the business of selling Internet products or services, it is better to wait until some experience has been gained with respect to the appropriate ways of using new techniques.
3. Scrolling Text, Marquees, and Constantly Running Animations
Never include page elements that move incessantly. Moving images have an overpowering effect on the human peripheral vision. A web page should not emulate Times Square in New York City in its constant attack on the human senses: give your user some peace and quiet to actually read the text!
4. Complex URLs
Even though machine-level addressing like the URL should never have been exposed in the user interface, it is there and we have found that users actually try to decode the URLs of pages to infer the structure of web sites. Users do this because of the horrifying lack of support for navigation and sense of location in current web browsers. Thus, a URL should contain human-readable directory and file names that reflect the nature of the information space.
5. Orphan Pages
Make sure that all pages include a clear indication of what web site they belong to since users may access pages directly without coming in through your home page. For the same reason, every page should have a link up to your home page as well as some indication of where they fit within the structure of your information space.
6. Long Scrolling Pages
Only 10% of users scroll beyond the information that is visible on the screen when a page comes up. All critical content and navigation options should be on the top part of the page.
7. Lack of Navigation Support
Don’t assume that users know as much about your site as you do. They always have difficulty finding information, so they need support in the form of a strong sense of structure and place. Start your design with a good understanding of the structure of the information space and communicate this structure explicitly to the user. Provide a site map and let users know where they are and where they can go. Also, you will need a good search feature since even the best navigation support will never be enough.
8. Non-Standard Link Colors
Links to pages that have not been seen by the user are blue; links to previously seen pages are purple or red. Don’t mess with these colors since the ability to understand what links have been followed is one of the few navigational aids that is standard in most web browsers.
9. Outdated Information
Budget to hire a web gardener as part of your team. You need somebody to root out the weeds and replant the flowers as the website changes but most people would rather spend their time creating new content than on maintenance. In practice, maintenance is a cheap way of enhancing the content on your website since many old pages keep their relevance and should be linked into the new pages.
10. Overly Long Download Times
I am placing this issue last because most people already know about it; not because it is the least important. Traditional human factors guidelines indicate 10 seconds as the maximum response time before users lose interest. On the web, users have been trained to endure so much suffering that it may be acceptable to increase this limit to 15 seconds for a few pages.
Even websites with high-end users need to consider download times: many B2B customers access websites from home computers in the evening because they are too busy to surf the Web during working hours.
Article is from Yahoo Tech - Wed Jan 17, 2007 3:24AM EST
When it comes to security, Bruce Schneier is a God among us mere mortals. He has written some of the most influential books on computer security and cryptography ever printed, and his blog is essential reading for anyone on the Internet.
So when Bruce says here’s how to create a secure password (and how he creates his own passwords), I listen. His post on the topic is extensive, so I’ll try to boil it down to the essentials. If you have the time, I encourage you to read the whole thing, though.
First question: How are passwords cracked, anyway? Primarily through brute force “dictionary” attacks, where software tries to guess a password by running through a series of common phrases or words in various combinations. Sure, we know that “password” and “qwerty” are easy to crack, but password crackers have gotten much more sophisticated these days. Now, they check hundreds of these common “root” passwords (here’s a list)… in combination with various “appendages,” including all two- and three-digit combinations, single symbols (like ! and ?), dates from 1900 on, and a few others. The crackers also sub in common characters like “3” for “E” and other typical hacker-speak substitutions.
What’s that mean? Basically, if you thought the safe-looking pigl3t9! was a secure password, you’re sadly mistaken. Any modern password cracker will suss it out in a matter of minutes.
Before you begin to despair, Schneier offers simple rules on how to create a password that cannot be easily cracked by such methods. (Mind you, given enough time, any password can be cracked, though. But this will make it much harder.)
The trick is to use a “root” that is not in that list that I linked above, and to put your “appendage” (or two of them) in an unusual place: Either in the middle of the root or at both the beginning and the end.
Schneier’s example is to use a word that you can pronounce but which is spelled “wrong”: armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601 or bay1776sball. It shouldn’t take much effort to commit any of these to memory.
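The root-plus-appendage model described above can be turned into a password audit check. The following is an added example, not code from the article or from Schneier: the root list is a small constructed sample, and the names guessable_split and audit are hypothetical.

```python
import re

# Constructed sample of common "root" passwords; a real audit would load a
# full cracking dictionary instead.
COMMON_ROOTS = {"password", "qwerty", "piglet", "letmein", "dragon", "monkey"}

# Character substitutions a cracker undoes before the dictionary lookup.
LEET = str.maketrans("301457@$", "eolastas")

# Appendages named in the article: up to three digits or a year from 1900 on,
# optionally followed by a single symbol. The empty string also matches.
APPENDAGE = re.compile(r"(?:\d{1,3}|(?:19|20)\d\d)?[^A-Za-z0-9]?")


def guessable_split(password):
    """Return (prefix, root, suffix) if the password is a known root with an
    appendage at the start and/or end, otherwise None."""
    for start in range(len(password)):
        for end in range(start + 1, len(password) + 1):
            prefix, root, suffix = password[:start], password[start:end], password[end:]
            if (APPENDAGE.fullmatch(prefix) and APPENDAGE.fullmatch(suffix)
                    and root.lower().translate(LEET) in COMMON_ROOTS):
                return prefix, root, suffix
    return None


def audit(passwords):
    """Map each candidate password to the split that makes it guessable."""
    return {pw: guessable_split(pw) for pw in passwords}


if __name__ == "__main__":
    candidates = ["pigl3t9!", "9!piglet", "Passw0rd1999",
                  "arm9!9war", "1066pitchsure6601", "bay1776sball"]
    for pw, hit in audit(candidates).items():
        print(f"{pw:20} {'root+appendage: ' + repr(hit) if hit else 'not matched by this model'}")
```

A password that this check does not match is only outside this particular model; it says nothing about other guessing strategies.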
Excerpt from geodsoft.com
Because Windows NT maintains backward compatibility with Windows 95 and 98 and the LANMAN authentication they support, Windows NT passwords are particularly easy to crack. A LANMAN password is upper cased, padded to 14 characters, divided into two seven character parts, each of which is used as a key to encrypt a constant. The two hashed results are concatenated and stored as the LANMAN hash which is stored along with the NT hash in the SAM part of the registry.
Two seven character pieces are much easier to break than a single 14 character sequence. Just how much easier depends on the character set but is at least 7 and more likely 9 or 10 orders of magnitude. Also, all LANMAN passwords are treated as all upper case so that if a mixed case password is used, all lower case letters are uppercased before the encryption is done. This removes 26 characters that could have been used, also greatly simplifying cracking but how much depends on how many characters are in the password. 8 character LANMAN passwords are about 890 times easier to crack than their NT counterparts should be and 14 character LANMAN passwords are about 450 trillion (15 decimal places) times easier to crack than their NT counterparts should be.
Unfortunately, getting the LANMAN password pretty much gives the NT password also. After the LANMAN password is cracked, 2 to the nth power where n is the length of the password, gives the maximum number of case variations that must be tried to get the NT password. On contemporary hardware, this will probably take less than a second.
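The LANMAN preprocessing and its effect on the search space, as an added example that is not part of the geodsoft.com excerpt. It assumes a 95-character printable ASCII set for NT passwords and NUL padding; the function names are hypothetical. Under that assumption it reproduces the excerpt's factor of about 890 for 8-character passwords.

```python
LM_LENGTH = 14
NT_CHARSET = 95               # assumption: printable ASCII, space included
LM_CHARSET = NT_CHARSET - 26  # lower-case letters fold onto upper case


def lm_halves(password):
    """Apply the LANMAN preprocessing: upper-case, pad to 14, split 7 + 7."""
    raw = password.upper().encode("ascii")
    if len(raw) > LM_LENGTH:
        raise ValueError("LANMAN covers at most 14 characters")
    padded = raw.ljust(LM_LENGTH, b"\0")
    return padded[:7], padded[7:]


def lm_search_space(length):
    """Candidates to exhaust for an LM password of this length.

    The two halves are hashed independently, so their search spaces add
    instead of multiplying."""
    first, second = min(length, 7), max(length - 7, 0)
    return LM_CHARSET ** first + (LM_CHARSET ** second if second else 0)


def nt_search_space(length):
    """Candidates to exhaust for a case-sensitive password of this length."""
    return NT_CHARSET ** length


def lm_advantage(length):
    """How many times smaller the LM search space is than the NT one."""
    return nt_search_space(length) // lm_search_space(length)


def max_case_variants(lm_password):
    """Upper bound from the text: 2**n case variations for n characters."""
    return 2 ** len(lm_password)


if __name__ == "__main__":
    print(lm_halves("Secret9!"))           # mixed case is lost, 8th char stands alone
    print(lm_advantage(8))                 # factor for an 8-character password
    print(max_case_variants("SECRET9!"))   # case variants left to test afterwards
```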
The POP3 Server
In the simplest implementations of POP3, the server really does maintain a collection of text files – one for each e-mail account. When a message arrives, the POP3 server simply appends it to the bottom of the recipient’s file!
When you check your e-mail, your e-mail client connects to the POP3 server using port 110. The POP3 server requires an account name and a password. Once you have logged in, the POP3 server opens your text file and allows you to access it. Like the SMTP server, the POP3 server understands a very simple set of text commands.
Here are the most common commands:
Your e-mail client connects to the POP3 server and issues a series of commands to bring copies of your e-mail messages to your local machine. Generally, it will then delete the messages from the server (unless you’ve told the e-mail client not to).
You can see that the POP3 server simply acts as an interface between the e-mail client and the text file containing your messages. And again, you can see that the POP3 server is extremely simple! You can connect to it through telnet at port 110 and issue the commands yourself if you would like to.
The IMAP Server
As you can see, the POP3 protocol is very simple. It allows you to have a collection of messages stored in a text file on the server. Your e-mail client (e.g. Outlook Express) can connect to your POP3 e-mail server and download the messages from the POP3 text file onto your PC. That is about all that you can do with POP3.
Many users want to do far more than that with their e-mail, and they want their e-mail to remain on the server. The main reason for keeping your e-mail on the server is to allow users to connect from a variety of machines. With POP3, once you download your e-mail it is stuck on the machine to which you downloaded it. If you want to read your e-mail both on your desktop machine and your laptop (depending on whether you are working in the office or on the road), POP3 makes life difficult.
IMAP (Internet Mail Access Protocol) is a more advanced protocol that solves these problems. With IMAP, your mail stays on the e-mail server. You can organize your mail into folders, and all the folders live on the server as well. When you search your e-mail, the search occurs on the server machine, rather than on your machine. This approach makes it extremely easy for you to access your e-mail from any machine, and regardless of which machine you use, you have access to all of your mail in all of your folders.
Your e-mail client connects to the IMAP server using port 143. The e-mail client then issues a set of text commands that allow it to do things like list all the folders on the server, list all the message headers in a folder, get a specific e-mail message from the server, delete messages on the server or search through all of the e-mails on the server.
One problem that can arise with IMAP involves this simple question: “If all of my e-mail is stored on the server, then how can I read my mail if I am not connected to the Internet?” To solve this problem, most e-mail clients have some way to cache e-mail on the local machine. For example, the client will download all the messages and store their complete contents on the local machine (just like it would if it were talking to a POP3 server). The messages still exist on the IMAP server, but you now have copies on your machine. This allows you to read and reply to e-mail even if you have no connection to the Internet. The next time you establish a connection, you download all the new messages you received while disconnected and send all the mail that you wrote while disconnected.
Attachments
Your e-mail client allows you to add attachments to e-mail messages you send, and also lets you save attachments from messages that you receive. Attachments might include word processing documents, spreadsheets, sound files, snapshots and pieces of software. Usually, an attachment is not text (if it were, you would simply include it in the body of the message). Since e-mail messages can contain only text information, and attachments are not text, there is a problem that needs to be solved.
In the early days of e-mail, you solved this problem by hand, using a program called uuencode. The uuencode program assumes that the file contains binary information. It extracts 3 bytes from the binary file and converts them to four text characters (that is, it takes 6 bits at a time, adds 32 to the value of the 6 bits and creates a text character). What uuencode produces, therefore, is an encoded version of the original binary file that contains only text characters. In the early days of e-mail, you would run uuencode yourself and paste the uuencoded file into your e-mail message.
The recipient would then save the uuencoded portion of the message to a file and run uudecode on it to translate it back to binary. The word “reports” in the first line tells uudecode what to name the output file.
Modern e-mail clients are doing exactly the same thing, but they run uuencode and uudecode for you automatically. If you look at a raw e-mail file that contains attachments, you’ll find that the attachment is represented in the same uuencoded text format shown above!
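The 3-bytes-to-4-characters step described above, written out as an added example (not code from the original article). It handles a single uuencoded line of up to 45 bytes; the function names are hypothetical.

```python
def uu_encode_line(chunk):
    """Encode up to 45 bytes as one uuencoded line (without the newline)."""
    if len(chunk) > 45:
        raise ValueError("a uuencoded line carries at most 45 bytes")
    out = [chr(32 + len(chunk))]                 # first character is the byte count
    padded = chunk + b"\0" * (-len(chunk) % 3)   # pad to a multiple of 3 bytes
    for i in range(0, len(padded), 3):
        group = int.from_bytes(padded[i:i + 3], "big")   # 24 bits
        for shift in (18, 12, 6, 0):                     # four 6-bit values
            out.append(chr(32 + ((group >> shift) & 0x3F)))
    return "".join(out)


def uu_decode_line(line):
    """Decode one uuencoded line back to bytes, checking its structure."""
    if not line:
        raise ValueError("empty line")
    count = (ord(line[0]) - 32) & 0x3F
    body = line[1:]
    if len(body) % 4:
        raise ValueError("body is not a whole number of 4-character groups")
    data = bytearray()
    for i in range(0, len(body), 4):
        group = 0
        for ch in body[i:i + 4]:
            # & 0x3F also maps the backtick some encoders emit for zero
            group = (group << 6) | ((ord(ch) - 32) & 0x3F)
        data += group.to_bytes(3, "big")
    if count > len(data):
        raise ValueError("length character claims more bytes than are present")
    return bytes(data[:count])


if __name__ == "__main__":
    line = uu_encode_line(b"Cat")
    print(line, uu_decode_line(line))
```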
Considering its tremendous impact on society, having forever changed the way we communicate, today’s e-mail system is one of the simplest things ever devised! There are parts of the system, like the routing rules in sendmail, that get complicated, but the basic system is incredibly straightforward.
The next time you send an e-mail, you’ll know exactly how it’s getting to its destination.
Welcome to the blog spot for Peter Edmonds